It is important to remember that not all hacks take place over an Internet connection. In fact, most of the work is done offline, especially since most systems place limits on the number of assumptions allowed before locking out an account.
Offline cracking usually involves the process of decrypting passwords using a list of hashes that were likely taken from a recent data breach. Without the threat of discovery or the restrictions of the password form, hackers can take their time.
Of course, this can only be done after the initial attack has been successfully launched, be it a hacker gaining elevated privileges and database access, using a SQL injection attack, or stumbling into an unsecured server.